
Tag Archives for "data breach"

Companies with poor privacy practices are 80% more apt to suffer data breach

Poor privacy = data breach, as reported by Osano, was proven July 15 when Twitter was hacked and 130 accounts – including Joe Biden’s and Kanye West’s – were exposed.

There’s a direct correlation between a company’s poor privacy practices and the likelihood of a data breach, according to a report from the data privacy platform Osano, The Osano Data Privacy and Data Breach Link.

Source: Companies with poor privacy practices are 80% more apt to suffer data breach – TechRepublic

Marriott International faces class action suit over mass data breach

Technology consultant leads legal action after hackers stole personal details of 300m guests.

Hotel group Marriott International is facing a class action lawsuit in London’s high court from millions of customers, who are seeking compensation after their personal details were stolen in one of the world’s largest data breaches.

Source: Marriott International faces class action suit over mass data breach

Capital One Fined $80 Million in Data Breach

The U.S. Treasury Department has fined Capital One $80 million for careless network security practices that enabled a hack that accessed the personal information of 106 million of the bank’s credit card holders.

Capital One failed in 2015 to establish effective risk management when it migrated information technology operations to a cloud-based service. The bank’s own internal audit failed to identify “numerous weaknesses” in its management of the cloud environment and “engaged in unsafe or unsound practices that were part of a pattern of misconduct.”

Source: Capital One Fined $80 Million in Data Breach | SecurityWeek.Com

Morgan Stanley Hit with Class Lawsuit Over Alleged Data Breaches

Former and current Morgan Stanley customers have filed a putative class-action lawsuit alleging negligence and invasion of privacy over the firm’s failure to properly scrub decommissioned hardware of personal information such as social security numbers, account numbers and other personal data.

Morgan Stanley earlier this month began notifying brokers and customers that some client information remained on hardware from two data centers that were closed in 2016.

Source: Morgan Stanley Hit with Class Lawsuit Over Alleged Data Breaches – AdvisorHub

UK data watchdog having a hard time making GDPR fines stick

British Airways expects the fine for its 2018 credit card data leak to be just 10.8 per cent of the £183m proposed by the UK data watchdog – while US hotel chain Marriott has both halved and kicked its own data blunder punishment into the long grass once again.

Mishcon’s Baines pondered whether the amount of ICO effort devoted to the two cases had disrupted its other data protection enforcement work: “One wonders if the effect of the BA and Marriott investigations has also been to cause work on other enforcement action to be paused, or at least delayed,” he mused, referring to boasts from Information Commissioner Elizabeth Denham last year that she was about to announce more big GDPR fines.

Source: UK data watchdog having a hard time making GDPR fines stick: Marriott scores another extension, BA prepares to pay 11% of £183m penalty threat • The Register

Garmin global outage caused by ransomware attack

The WastedLocker ransomware, used by a notorious Russian hacking group, is said to be to blame.

The incident began late Wednesday and continued through the weekend, causing disruption to the company’s online services for millions of users, including Garmin Connect, which syncs user activity and data to the cloud and other devices.

Source: Garmin global outage caused by ransomware attack, sources say | TechCrunch

Seven ‘no log’ VPN providers accused of leaking user logs onto the internet

A string of “zero logging” VPN providers have some explaining to do after more than a terabyte of user logs were found on their servers unprotected and facing the public internet.

This data, we are told, included in at least some cases clear-text passwords, personal information, and lists of websites visited, all for anyone to stumble upon.

Source: Seven ‘no log’ VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet • The Register

LinkedIn Sued Over Access to Clipboard Data

Social networking company LinkedIn was hit with a class-action complaint alleging that it engaged in “a particularly brazen, indefensible privacy violation” by accessing material from Apple devices.

The allegations appear to stem from a report earlier this month by developer Don Morton, who tweeted that Microsoft’s LinkedIn was copying the clipboards on his iPad and MacBook.

Source: LinkedIn Sued Over ‘Brazen’ Privacy Breach 07/13/2020

UK government reported 500 personal data breaches to ICO in a year

Central government reported almost 500 personal data breaches to the Information Commissioner’s Office in the 2020 fiscal year, with one in ten requiring formal investigation and at least 10 incidents that have required the department in question to take remedial action.

During FY20, the regulator also received a collective tally of 1,006 data-breach reports from the local government sector. The overall number of reports filed across all sectors quadrupled following the introduction of GDPR, from 3,331 in 2017/18 to 13,840 the following year.

Source: EXCL: Whitehall departments reported 500 personal data breaches to ICO in FY20 | PublicTechnology.net

Police Are Buying Access to Hacked Website Data

Hackers break into websites, steal information, and then publish that data all the time, with other hackers or scammers then using it for their own ends. But breached data now has another customer: law enforcement.

Some companies are selling government agencies access to data stolen from websites in the hope that it can generate investigative leads, with the data including passwords, email addresses, IP addresses, and more.

Source: Police Are Buying Access to Hacked Website Data
